January 30th, 2012

Your One-Stop Shop for OAuth Tutorials

The ongoing explosion in the amount of online information generated by enterprises has created a need for open, distributed access – a way to get at online content that doesn’t require private user credentials to flow freely over the Internet. The OAuth specification has rapidly emerged as the key standard that enables this kind of delegated access.

At Layer 7, we’ve responded with the creation of our OAuth Toolkit, as well as a series of tutorial videos that explain how enterprises can use the Toolkit to simplify OAuth implementation. Now, in response to the overwhelmingly positive response we’ve received to these tutorials, we’ve decided to give them their own section on our Web site.

This section features all of Francois Lascelles’ popular OAuth 2.0 with Layer 7 Gateways series, with expanded notes and commentary. It also includes one or two of my own tutorials. Over time we’ll be adding demonstrations of how Layer 7 enables connectivity to commonly used OAuth implementations at various social and business networks, including Twitter and LinkedIn.

January 23rd, 2012

OAuth Tutorial: Modifying a Layer 7 OAuth 1.0a Implementation to Support Custom Requirements

Last week, I posted a video tutorial demonstrating how Layer 7’s OAuth Toolkit makes it possible to use a SecureSpan or CloudSpan Gateway as an OAuth 1.0/1.0a Server and Client. Today, I’m going to follow that up with a tutorial on how a Layer 7 OAuth implementation can be modified to support custom requirements.

The tutorial demonstrates this through the addition of a new parameter, which is extracted from transaction metadata and then used to tweak the implementation. Specifically, I create a policy in which the authorization token’s lifespan is shortened if the user comes in from the browser of a mobile device.

The scenarios I’ve presented in these tutorials represent the two biggest strengths of the OAuth Toolkit – adherence to the specification when you need it and flexibility when you need that. Our customers have taught us that every OAuth implementation is slightly different and our aim is to give them the tools they need to adapt.

January 19th, 2012

Enterprise Mobile Migration: A 2012 Imperative

The proliferation of consumers using smart phones and iPads has, perhaps inevitably, led to an explosion of mobile adoption in the enterprise. In fact, this so-called “BYOD” (bring your own device) approach to workplace connectivity is increasingly driving enterprise usage of Cloud-based services.

However, with these new opportunities come new questions for enterprise IT. For example: How can I control access to the Web APIs used by mobile apps? How can I secure connections to Cloud-based services? How can I monitor usage in order to protect against malicious attacks or accidental traffic spikes?

On February 8, I’ll be presenting a webinar called Simplifying Enterprise Mobile Access — A How-to Guide, which will provide answers to some of these questions. If you’re interested and you’d like to join me, click the link below to register:

In this webinar, I’ll be drawing on my experience helping large organizations deal with disruptive IT change. From my perspective, it’s clear that giving employees access to corporate data and services via mobile devices will require new thinking on how to leverage existing identity infrastructure, how to protect APIs and how to govern externally-facing IT assets.

January 16th, 2012

New OAuth Tutorial: Using Layer 7 as an OAuth 1.0/1.0a Server & Client

From a technical perspective, rapid adoption of the OAuth standard has resulted in something of a moving target. As the specification evolves, one company may implement OAuth 1.0a, another 2.0, while a third might go with OAuth WRAP. In addition, vague requirements in the spec often result in incompatible implementations, even of the same version.

My colleague Francois Lascelles recently launched a series of tutorial videos demonstrating how Layer 7’s OAuth Toolkit allows enterprises to use OAuth 2.0 to create some really interesting, powerful interaction scenarios. However, the OAuth 2.0 specification isn’t 100% stable yet, so a real-world implementation must also be able to deal with 1.0a and OAuth WRAP.

For this reason, I’ve come up with a couple of additional tutorials that will demonstrate how our solution can be customized to meet changing requirements. My first tutorial, below, demonstrates a sample application using OAuth 1.0a, which exposes an interface that allows consuming applications to request access tokens and enables users to authorize those apps.

Watch this space for my second video, which will demonstrate how the OAuth Toolkit can be used to customize your implementation.

January 13th, 2012

FROM THE VAULT: White Paper – The Value of Application Service Governance for Cloud Computing

As 2012 begins, it definitely seems like Cloud computing will continue to be a hot issue in enterprise IT, with the impetus driving large organizations into the Cloud continuing to gather pace. Consequently, there’s going to be a growing need for information on how services run in the Cloud can be governed in order to ensure data security and maximize performance.

Many of Layer 7’s customers have already made the move into the Cloud. These companies have benefited greatly from our expertise in governance for SOA. This is because SOA governance is directly applicable to the Cloud. Our white paper The Value of Application Service Governance for Cloud Computing provides a detailed explanation of this connection.

Written by internationally-respected SOA/Cloud thought leader David Linthicum, in collaboration with our own Scott Morrison, this white paper outlines how the structure of SOA – services distributed across departments and locations – is at the core of all Cloud computing. So, governance principles that are effective in SOA also work in the Cloud.

To learn more, download The Value of Application Service Governance for Cloud Computing.